Security in Business Integration

Overview

Security is a broad category that includes a wide range of aspects and applies to various levels of abstraction of integration architecture. Above all, security is mainly a people-centric, rather than a software-centric, challenge.

In this section, we provide a brief introduction to the following topics:

Security is a broad and deep field both on its own and as a critical dimension in Business Integration. This is just a rather rough overview; the length of our account here does not reflect the importance of the topic.

Security Dimensions

These are the main dimensions considered within the security field:

Authentication: the verification of an identity; who.

Authorisation: the permission to perform an activity; what.

Availability: the ability to withstand and/or survive an attack.

Confidentiality: the safekeeping of data both in transit and once it is stored permanently; ensuring that only the right people have access to it.

Integrity: the guarantee that data is altered neither by technical fault nor by intrusion.

Accounting and Auditing: the logging of user activity for the purpose of forensics, pattern-detection, risk analysis and so on.

Demilitarised zone (DMZ): a network in which systems may trust one another.

Security Contexts

Relevant integration layers sensitive to security:

Transport Layer: For example, HTTPS. This is point-to-point rather than end-to-end encryption.

Message-level Security: For example, WS-Security. This permits end-to-end security provided that the encryption and decryption of messages take place appropriately, so that the information is only available to the right individuals.
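The difference between point-to-point and end-to-end protection can be seen in a small sketch. This is an added example, not code from the original text: it attaches a keyed MAC over the SOAP Body as a simplified stand-in for message-level protection (it is not the WS-Security wire format and performs no encryption), and shows that the final receiver detects a change made by an intermediary that terminates the transport channel. The `urn:example:demo-sec` namespace, the `BodyMac` header, the key and the payload are all constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DEMO_NS = "urn:example:demo-sec"  # hypothetical header namespace, not WS-Security
KEY = b"constructed-demo-key-known-only-to-sender-and-final-receiver"

def _body_digest(envelope: ET.Element, key: bytes) -> str:
    """HMAC-SHA256 over the canonical (C14N 2.0) form of the SOAP Body."""
    body = envelope.find(f"{{{SOAP_NS}}}Body")
    canonical = ET.canonicalize(ET.tostring(body, encoding="unicode"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()

def protect(payload_xml: str, key: bytes) -> str:
    """Sender: wrap the payload in an envelope and attach a MAC over the Body."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    body.append(ET.fromstring(payload_xml))
    mac = ET.SubElement(header, f"{{{DEMO_NS}}}BodyMac")
    mac.text = _body_digest(env, key)
    return ET.tostring(env, encoding="unicode")

def verify(envelope_xml: str, key: bytes) -> bool:
    """Final receiver: recompute the MAC and compare in constant time."""
    env = ET.fromstring(envelope_xml)
    mac = env.find(f"{{{SOAP_NS}}}Header/{{{DEMO_NS}}}BodyMac")
    if mac is None or not mac.text:
        return False  # a stripped or empty header fails closed
    expected = _body_digest(env, key)
    return hmac.compare_digest(mac.text.encode(), expected.encode())

def intermediary(envelope_xml: str, tamper: bool) -> str:
    """A hop that ends the HTTPS channel and therefore sees the message in the clear."""
    if tamper:
        return envelope_xml.replace("<amount>100</amount>", "<amount>9999</amount>")
    # An honest hop may re-serialise the message; canonicalisation tolerates that.
    return ET.tostring(ET.fromstring(envelope_xml), encoding="unicode")

if __name__ == "__main__":
    sent = protect("<transfer><amount>100</amount></transfer>", KEY)  # constructed payload
    print("honest hop accepted:  ", verify(intermediary(sent, tamper=False), KEY))
    print("tampered hop accepted:", verify(intermediary(sent, tamper=True), KEY))
```

Transport-layer protection alone would not flag the altered amount, because each HTTPS hop is secured separately and the intermediary handles the message in plaintext between them.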

Security in SOAP

In SOAP, security capabilities typically rely on the WS-Security framework.